|
256811
|
9.8 |
CRITICAL
Network
|
bro
|
bro
|
Bro before Bro v2.5.2 is vulnerable to an out-of-bounds write in the ContentLine analyzer, allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-1000458
|
2024-11-21 12:04 |
2018-01-3 |
|
256812
|
4.8 |
MEDIUM
Network
|
mojoportal
|
mojoportal
|
Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires aut…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000457
|
2024-11-21 12:04 |
2018-01-3 |
|
256813
|
8.8 |
HIGH
Network
|
freedesktop debian
|
poppler debian_linux
|
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000456
|
2024-11-21 12:04 |
2018-01-3 |
|
256814
|
7.8 |
HIGH
Local
|
mindwerks
|
wildmidi
|
The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000418
|
2024-11-21 12:04 |
2018-01-3 |
|
256815
|
5.5 |
MEDIUM
Local
|
gnu
|
guixsd
|
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assu…
|
CWE-346
Origin Validation Error
|
CVE-2017-1000455
|
2024-11-21 12:04 |
2018-01-3 |
|
256816
|
7.8 |
HIGH
Local
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
|
CWE-74
Injection
|
CVE-2017-1000454
|
2024-11-21 12:04 |
2018-01-3 |
|
256817
|
9.8 |
CRITICAL
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
|
CWE-74
Injection
|
CVE-2017-1000453
|
2024-11-21 12:04 |
2018-01-3 |
|
256818
|
7.5 |
HIGH
Network
|
samlify_project
|
samlify
|
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.
|
CWE-91
Blind XPath Injection
|
CVE-2017-1000452
|
2024-11-21 12:04 |
2018-01-3 |
|
256819
|
7.8 |
HIGH
Local
|
fs-git_project
|
fs-git
|
fs-git is a file-system-like API for a git repository. The fs-git version 1.0.1 module relies on child_process.exec; however, the buildCommand method used to construct exec strings does not properly sa…
|
NVD-CWE-noinfo
|
CVE-2017-1000451
|
2024-11-21 12:04 |
2018-01-3 |
|
256820
|
8.8 |
HIGH
Network
|
opencv debian
|
opencv debian_linux
|
In opencv/modules/imgcodecs/src/utils.cpp, the functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image comes from a remote source, this may lead to remote co…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-1000450
|
2024-11-21 12:04 |
2018-01-3 |